antivirus 2009...

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
27 November 2008 21:18:14

Good evening,

My PC is in very bad shape... I have a trojan called "antivirus 2009" that is making my life miserable!

Here is the HijackThis report, thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:03, on 27.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\41.tmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\FICHIE~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ch/0SEFRCH/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\41.tmp.exe
O4 - HKCU\..\Run: [58057965323042588542557572608376] C:\Program Files\Antivirus 2009\av2009.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://tornos
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

--
End of file - 6218 bytes

27 November 2008 21:28:04

Hello,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Exécuter un examen complet".
  • To start the scan, click "Rechercher".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats", then "Supprimer la sélection". Save the report to your Desktop so you can post it in your next reply.

NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM

27 November 2008 22:48:43

Despite the tutorial, and the fact that I normally know how to do it, I did not manage to restart in safe mode.
Anyway, I ran the Malwarebytes' Anti-Malware scan all the same, and apparently it worked!
Here is the report, plus a new HijackThis log.

Should I use Malwarebytes' Anti-Malware frequently, or should I delete it?

Thanks!

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1430
    Windows 5.1.2600 Service Pack 2

    27.11.2008 22:18:52
    mbam-log-2008-11-27 (22-18-52).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 76162
    Temps écoulé: 26 minute(s), 47 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 10
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 24

    Processus mémoire infecté(s):
    C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus 2009) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\58057965323042588542557572608376 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Menu Démarrer\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\dtqlv.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\jfjsipw.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\tffok.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Temp\~tmpd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP147\A0032376.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSarxx.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnpur.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSotuu.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSvoqm.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ieupdates.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\trz2.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nc45f4EY.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Temp\TDSSad18.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Temp\TDSSadcc.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Temp\~tmpe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Temp\41.tmp.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSdxgp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSkkao.log (Trojan.TDSS) -> Quarantined and deleted successfully.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:46:18, on 27.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ch/0SEFRCH/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://tornos
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

    --
    End of file - 5806 bytes


28 November 2008 17:48:28

Hi again,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ

29 November 2008 14:09:02

Hi,

Here is the ComboFix report:

    ComboFix 08-11-28.03 - Administrateur 2008-11-29 13:57:18.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.180 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\mdm.exe
    c:\windows\system32\TDSSmtpe.dat
    c:\windows\system32\winsrc.dll.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS
    -------\Service_TDSSserv.sys


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-27 21:32 . 2008-11-27 21:32 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-27 21:32 . 2008-11-27 21:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-27 21:32 . 2008-11-27 21:32 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2008-11-27 21:32 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-27 21:32 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-27 21:14 . 2008-11-27 21:14 <REP> d-------- c:\program files\Trend Micro
    2008-11-26 20:47 . 2008-11-26 20:47 <REP> d-------- c:\program files\Enigma Software Group
    2008-11-26 19:00 . 2008-11-26 19:00 <REP> dr------- c:\documents and settings\NetworkService\Favoris
    2008-11-26 17:07 . 2008-11-27 20:59 64,000 --a------ c:\windows\system32\nc45f4EY.exe
    2008-11-26 17:07 . 2008-11-26 17:07 2 --a------ C:\-1131205315
    2008-11-26 17:06 . 2008-11-26 20:44 0 --a------ c:\windows\system32\drivers\d2d67b73.sys
    2008-11-22 12:34 . 2008-11-22 12:34 <REP> d-------- c:\program files\DAEMON Tools Lite
    2008-11-22 12:31 . 2008-11-22 12:31 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DAEMON Tools
    2008-11-22 12:31 . 2008-11-22 12:31 717,296 --a------ c:\windows\system32\drivers\sptd.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-26 16:15 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
    2008-10-14 17:21 --------- d-----w c:\documents and settings\Administrateur\Application Data\ICAClient
    2008-10-12 06:28 --------- d-----w c:\program files\Matroska Pack
    2008-09-10 12:46 7,730,856 ----a-w c:\program files\Google_Earth_CZXD.exe
    1999-04-05 21:27 99,840 ----a-w c:\program files\Fichiers communs\IRAABOUT.DLL
    1998-12-08 11:53 70,144 ----a-w c:\program files\Fichiers communs\IRAMDMTR.DLL
    1998-12-08 11:53 48,640 ----a-w c:\program files\Fichiers communs\IRALPTTR.DLL
    1998-12-08 11:53 31,744 ----a-w c:\program files\Fichiers communs\IRAWEBTR.DLL
    1998-12-08 11:53 186,368 ----a-w c:\program files\Fichiers communs\IRAREG.DLL
    1998-12-08 11:53 17,920 ----a-w c:\program files\Fichiers communs\IRASRIAL.DLL
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 290816]
    "Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
    "QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-31 106496]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-26 90112]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-02-26 180316]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2006-07-19 1548288]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
    "CARPService"="carpserv.exe" [2003-04-15 c:\windows\system32\carpserv.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-28 78416]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-28 20560]
    R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\DRIVERS\aliirda.sys [2007-02-23 26112]
    R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2007-02-23 292352]
    R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2007-02-23 273536]
    S1 d2d67b73;d2d67b73;c:\windows\system32\drivers\d2d67b73.sys [2008-11-26 0]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-26 c:\windows\Tasks\At1.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At10.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At11.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At12.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-29 c:\windows\Tasks\At13.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-29 c:\windows\Tasks\At14.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At15.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At16.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At17.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At18.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At19.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At2.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At20.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At21.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At22.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At23.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At24.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At25.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At26.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At27.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At28.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At29.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At3.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At30.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At31.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At32.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At33.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At34.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At35.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At36.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-29 c:\windows\Tasks\At37.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-29 c:\windows\Tasks\At38.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At39.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At4.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At40.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At41.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At42.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At43.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At44.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At45.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At46.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At47.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At48.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At49.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At5.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At50.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At51.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At52.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At53.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At54.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At55.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At56.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At57.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At58.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At59.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At6.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At60.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-29 c:\windows\Tasks\At61.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-29 c:\windows\Tasks\At62.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At63.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At64.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At65.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At66.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At67.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At68.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At69.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At7.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At70.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-28 c:\windows\Tasks\At71.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-27 c:\windows\Tasks\At72.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At8.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]

    2008-11-26 c:\windows\Tasks\At9.job
    - c:\windows\system32\nc45f4EY.exe [2008-11-27 20:59]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-29 14:01:53
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?5?4?4??????? ??3B?????????????T?B? ??????

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\HPConfig.exe
    c:\program files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-29 14:05:46 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-11-29 13:05:43

    Avant-CF: 2'715'914'240 octets libres
    Après-CF: 2,723,696,640 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    273
    30 November 2008 19:32:56

    Hi again,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
    Copy (Ctrl+C) the text in the box below:

    File::
    c:\windows\system32\nc45f4EY.exe
    c:\windows\Tasks\At*.job


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name "CFScript.txt" (the quotation marks are important).

    Now drag the CFScript.txt file onto ComboFix.exe, as in the image below:


    This will restart ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    * the partition name may differ
    30 November 2008 21:42:48

    hello

    No reboot.

    ComboFix report:

    ComboFix 08-11-28.03 - Administrateur 2008-11-30 21:33:06.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.205 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\nc45f4EY.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\nc45f4EY.exe
    c:\windows\Tasks\At1.job

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-27 21:32 . 2008-11-27 21:32 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-27 21:32 . 2008-11-27 21:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-27 21:32 . 2008-11-27 21:32 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2008-11-27 21:32 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-27 21:32 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-27 21:14 . 2008-11-27 21:14 <REP> d-------- c:\program files\Trend Micro
    2008-11-26 20:47 . 2008-11-26 20:47 <REP> d-------- c:\program files\Enigma Software Group
    2008-11-26 19:00 . 2008-11-26 19:00 <REP> dr------- c:\documents and settings\NetworkService\Favoris
    2008-11-26 17:07 . 2008-11-26 17:07 2 --a------ C:\-1131205315
    2008-11-26 17:06 . 2008-11-26 20:44 0 --a------ c:\windows\system32\drivers\d2d67b73.sys
    2008-11-22 12:34 . 2008-11-22 12:34 <REP> d-------- c:\program files\DAEMON Tools Lite
    2008-11-22 12:31 . 2008-11-22 12:31 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DAEMON Tools
    2008-11-22 12:31 . 2008-11-22 12:31 717,296 --a------ c:\windows\system32\drivers\sptd.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-29 13:54 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
    2008-10-14 17:21 --------- d-----w c:\documents and settings\Administrateur\Application Data\ICAClient
    2008-10-12 06:28 --------- d-----w c:\program files\Matroska Pack
    2008-09-10 12:46 7,730,856 ----a-w c:\program files\Google_Earth_CZXD.exe
    1999-04-05 21:27 99,840 ----a-w c:\program files\Fichiers communs\IRAABOUT.DLL
    1998-12-08 11:53 70,144 ----a-w c:\program files\Fichiers communs\IRAMDMTR.DLL
    1998-12-08 11:53 48,640 ----a-w c:\program files\Fichiers communs\IRALPTTR.DLL
    1998-12-08 11:53 31,744 ----a-w c:\program files\Fichiers communs\IRAWEBTR.DLL
    1998-12-08 11:53 186,368 ----a-w c:\program files\Fichiers communs\IRAREG.DLL
    1998-12-08 11:53 17,920 ----a-w c:\program files\Fichiers communs\IRASRIAL.DLL
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-29_14.04.39.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-11-30 08:08:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_71c.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 290816]
    "Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
    "QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-31 106496]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-26 90112]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-02-26 180316]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2006-07-19 1548288]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
    "CARPService"="carpserv.exe" [2003-04-15 c:\windows\system32\carpserv.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-28 78416]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-28 20560]
    R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\DRIVERS\aliirda.sys [2007-02-23 26112]
    R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2007-02-23 292352]
    R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2007-02-23 273536]
    S1 d2d67b73;d2d67b73;c:\windows\system32\drivers\d2d67b73.sys [2008-11-26 0]

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-26 c:\windows\Tasks\At10.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At11.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At12.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At13.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At14.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At15.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At16.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At17.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At18.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At19.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At2.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At20.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At21.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At22.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-29 c:\windows\Tasks\At23.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At24.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At25.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At26.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At27.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At28.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At29.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At3.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At30.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At31.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At32.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At33.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At34.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At35.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At36.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At37.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At38.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At39.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At4.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At40.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At41.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At42.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At43.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At44.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At45.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At46.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-29 c:\windows\Tasks\At47.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At48.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-27 c:\windows\Tasks\At49.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At5.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-27 c:\windows\Tasks\At50.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-27 c:\windows\Tasks\At51.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-27 c:\windows\Tasks\At52.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-27 c:\windows\Tasks\At53.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-27 c:\windows\Tasks\At54.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-27 c:\windows\Tasks\At55.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-27 c:\windows\Tasks\At56.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-27 c:\windows\Tasks\At57.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-27 c:\windows\Tasks\At58.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At59.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At6.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At60.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At61.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At62.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At63.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At64.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At65.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At66.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At67.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At68.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At69.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At7.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-30 c:\windows\Tasks\At70.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-29 c:\windows\Tasks\At71.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-27 c:\windows\Tasks\At72.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At8.job
    - c:\windows\system32\nc45f4EY.exe []

    2008-11-26 c:\windows\Tasks\At9.job
    - c:\windows\system32\nc45f4EY.exe []
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-30 21:35:40
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?5?4?4??@???? ??3B?????????????T?B? ??????

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
    .
    Heure de fin: 2008-11-30 21:37:28
    ComboFix-quarantined-files.txt 2008-11-30 20:37:00
    ComboFix2.txt 2008-11-29 13:05:49

    Avant-CF: 4'215'898'112 octets libres
    Après-CF: 4,242,096,128 octets libres

    255


    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:40:16, on 30.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://tornos
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

    --
    End of file - 5573 bytes
    1 December 2008 17:33:38

    Hi again,

    Download Smitfraudfix (by S!ri).
    Save it to your desktop.
    Run SmitfraudFix.exe (the .exe extension may not be shown).
    Choose Option 1 (Search).
    Post the first report here.

    **If the link does not work, click here**
    1 December 2008 18:34:38

    Hi again

    here is the report:

    SmitFraudFix v2.380

    Rapport fait à 18:32:47.86, 01.12.2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\Tasks\At?.job PRESENT !
    C:\WINDOWS\Tasks\At??.job PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C) - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 80.83.47.198
    DNS Server Search Order: 80.83.47.11
    DNS Server Search Order: 80.83.47.157
    DNS Server Search Order: 80.83.47.10

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{C66B9F7E-642C-4EE9-9167-CE8474F4801D}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{C66B9F7E-642C-4EE9-9167-CE8474F4801D}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{C66B9F7E-642C-4EE9-9167-CE8474F4801D}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    2 December 2008 12:44:55

    Hi again,
    Reboot into safe mode.

    Run SmitfraudFix.exe and this time choose Option 2, and answer yes to the question(s).
    Save the report to your Desktop.

    Reboot normally.

    Post the HijackThis and SmitfraudFix reports.
    2 December 2008 20:06:56

    hello

    here is the requested report:

    SmitFraudFix v2.380

    Rapport fait à 19:59:57.72, 02.12.2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\Tasks\At?.job supprimé
    C:\WINDOWS\Tasks\At??.job supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» RK


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C) - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 80.83.47.198
    DNS Server Search Order: 80.83.47.11
    DNS Server Search Order: 80.83.47.157
    DNS Server Search Order: 80.83.47.10

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{C66B9F7E-642C-4EE9-9167-CE8474F4801D}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{C66B9F7E-642C-4EE9-9167-CE8474F4801D}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{C66B9F7E-642C-4EE9-9167-CE8474F4801D}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    what else ;) 
    3 December 2008 12:46:52

    Post a new HijackThis report.
    3 December 2008 19:33:44

    and here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:32:42, on 03.12.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://tornos
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

    --
    End of file - 5287 bytes
    4 December 2008 20:05:12

    Hi

    Since this is the end of the procedure, one or two questions:
    - should I run a Malwarebytes' Anti-Malware scan from time to time?
    - I generally use CCleaner. Good or not?

    Here is the AntiVir scan:



    Avira AntiVir Personal
    Report file date: jeudi, 4. décembre 2008 19:38

    Scanning for 1074021 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: PORTABLE

    Version information:
    BUILD.DAT : 8.2.0.337 16934 Bytes 18.11.2008 13:05:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 18.11.2008 08:21:26
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26.05.2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26.05.2008 07:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36
    ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09.11.2008 16:57:13
    ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30.11.2008 18:35:07
    ANTIVIR3.VDF : 7.1.0.189 200192 Bytes 04.12.2008 18:35:08
    Engineversion : 8.2.0.41
    AEVDF.DLL : 8.1.0.6 102772 Bytes 14.10.2008 10:05:56
    AESCRIPT.DLL : 8.1.1.17 336251 Bytes 04.12.2008 18:35:14
    AESCN.DLL : 8.1.1.5 123251 Bytes 07.11.2008 15:06:41
    AERDL.DLL : 8.1.1.3 438645 Bytes 04.11.2008 13:58:38
    AEPACK.DLL : 8.1.3.4 393591 Bytes 11.11.2008 09:41:39
    AEOFFICE.DLL : 8.1.0.31 196987 Bytes 04.12.2008 18:35:13
    AEHEUR.DLL : 8.1.0.74 1519990 Bytes 04.12.2008 18:35:12
    AEHELP.DLL : 8.1.2.0 119159 Bytes 04.12.2008 18:35:10
    AEGEN.DLL : 8.1.1.6 323955 Bytes 04.12.2008 18:35:09
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14.10.2008 10:05:56
    AECORE.DLL : 8.1.5.2 172405 Bytes 04.12.2008 18:35:08
    AEBB.DLL : 8.1.0.3 53618 Bytes 14.10.2008 10:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 31.07.2008 12:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12.06.2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27.06.2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi, 4. décembre 2008 19:38

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'WZCSLDR2.exe' - '1' Module(s) have been scanned
    Scan process 'AirGCFG.exe' - '1' Module(s) have been scanned
    Scan process 'Directcd.exe' - '1' Module(s) have been scanned
    Scan process 'mm_tray.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'ONETOUCH.EXE' - '1' Module(s) have been scanned
    Scan process 'carpserv.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'HPWirelessMgr.exe' - '1' Module(s) have been scanned
    Scan process 'HPConfig.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    34 processes with 34 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '51' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.30 dropper
    [NOTE] The file was moved to '49a12442.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nc45f4EY.exe.vir
    [DETECTION] Is the TR/Dldr.Agent.wdc Trojan
    [NOTE] The file was moved to '496c2612.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP147\A0032385.cpl
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49682652.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP148\A0032401.exe
    [DETECTION] Is the TR/Agent.arhu Trojan
    [NOTE] The file was moved to '49682654.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP148\A0032471.exe
    [DETECTION] Is the TR/Tiny.705 Trojan
    [NOTE] The file was moved to '49682659.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP148\A0032472.exe
    [DETECTION] Is the TR/Tiny.705 Trojan
    [NOTE] The file was moved to '4968265a.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP148\A0032473.exe
    [DETECTION] Is the TR/Tiny.705 Trojan
    [NOTE] The file was moved to '48168443.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP148\A0032474.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
    [NOTE] The file was moved to '4968265c.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP148\A0032475.dll
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.KD back-door program
    [NOTE] The file was moved to '4968265b.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP148\A0032476.dll
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE] The file was moved to '48168444.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP148\A0032477.dll
    [DETECTION] Is the TR/Drop.Softomat.AN Trojan
    [NOTE] The file was moved to '4968265d.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP148\A0032478.exe
    [DETECTION] Is the TR/Agent.118784.18 Trojan
    [NOTE] The file was moved to '48168446.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP148\A0032479.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48068d25.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP152\A0033625.exe
    [DETECTION] Is the TR/Dldr.Agent.wdc Trojan
    [NOTE] The file was moved to '4968266b.qua'!
    C:\System Volume Information\_restore{AAFC47FD-C736-404D-8E42-13A7C495B6C3}\RP156\A0034051.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.30 dropper
    [NOTE] The file was moved to '4968267e.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: jeudi, 4. décembre 2008 19:58
    Used time: 20:35 Minute(s)

    The scan has been done completely.

    3486 Scanning directories
    105724 Files were scanned
    15 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    15 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    105707 Files not concerned
    604 Archives were scanned
    2 Warnings
    15 Notes



    and, just in case, the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:01:12, on 04.12.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://tornos
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

    --
    End of file - 5182 bytes


    Thanks for everything!!! :hello:
    5 December 2008 16:18:10

    Any more problems?
    5 December 2008 17:49:51

    hello

    well no... no more problems. Thanks for everything!!!

    Can you just answer me on this:
    Quote:
    - should I run a Malwarebytes' Anti-Malware scan from time to time (or another anti-spyware)?
    - I generally use CCleaner. Good or not?
    5 December 2008 20:19:58

    Yes and yes :)
    3 January 2009 00:51:13

    good evening

    I am completely desperate: my computer has caught the Antivirus 2009 virus and the hbo 32 trojan. I can no longer access my documents or My Computer, and I have absolutely no idea what to do. Please help me, it is very important.
    thanks in advance


    here is the HijackThis report: (I should point out that I know nothing about this)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:35:35, on 03/01/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\S3trayp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Fighters\configservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\Fighters\licenseservice.exe
    C:\Program Files\Fighters\updateservice.exe
    C:\Program Files\Fighters\ScannerService.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\admin\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: LPVideoPlugin - {1C64EEE2-FD54-4ED9-9017-CB8A16B70809} - C:\WINDOWS\system32\LPVideo.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: PolMaker - {EAA3FD3B-107B-4944-8139-B6D57E0358A5} - C:\WINDOWS\system32\kdz32.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
    O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
    O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
    O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe

    --
    End of file - 8655 bytes